12 research outputs found

    ZigBee/ZigBee PRO security assessment based on compromised cryptographic keys

    Sensor networks have many applications in monitoring and controlling of environmental properties such as sound, acceleration, vibration and temperature. Due to limited resources in computation capability, memory and energy, they are vulnerable to many kinds of attacks. The ZigBee specification, based on the 802.15.4 standard, defines a set of layers specifically suited to sensor networks. These layers support secure messaging using symmetric cryptography. This paper presents two different ways for grabbing the cryptographic key in ZigBee: remote attack and physical attack. It also surveys and categorizes some additional attacks which can be performed on ZigBee networks: eavesdropping, spoofing, replay and DoS attacks at different layers. From this analysis, it is shown that some vulnerabilities still exist in the existing security schema in ZigBee technology.

    A Study of IEEE 802.15.4 Security Framework for Wireless Body Area Network

    A Wireless Body Area Network (WBAN) is a collection of low-power and lightweight wireless sensor nodes that are used to monitor the human body functions and the surrounding environment. It supports a number of innovative and interesting applications, including ubiquitous healthcare and Consumer Electronics (CE) applications. Since WBAN nodes are used to collect sensitive (life-critical) information and may operate in hostile environments, they require strict security mechanisms to prevent malicious interaction with the system. In this paper, we first highlight major security requirements and Denial of Service (DoS) attacks in WBAN at Physical, Medium Access Control (MAC), Network, and Transport layers. Then we discuss the IEEE 802.15.4 security framework and identify the security vulnerabilities and major attacks in the context of WBAN. Different types of attacks on the Contention Access Period (CAP) and Contention Free Period (CFP) parts of the superframe are analyzed and discussed. It is observed that a smart attacker can successfully corrupt an increasing number of GTS slots in the CFP period and can considerably affect the Quality of Service (QoS) in WBAN (since most of the data is carried in CFP period). As we increase the number of smart attackers the corrupted GTS slots are eventually increased, which prevents the legitimate nodes from utilizing the bandwidth efficiently. This means that the direct adaptation of IEEE 802.15.4 security framework for WBAN is not totally secure for certain WBAN applications. New solutions are required to integrate high level security in WBAN. Comment: 14 pages, 7 figures, 2 tables

    Relay Selection for Wireless Communications Against Eavesdropping: A Security-Reliability Tradeoff Perspective

    This article examines the secrecy coding aided wireless communications from a source to a destination in the presence of an eavesdropper from a security-reliability tradeoff (SRT) perspective. Explicitly, the security is quantified in terms of the intercept probability experienced at the eavesdropper, while the outage probability encountered at the destination is used to measure the transmission reliability. We characterize the SRT of conventional direct transmission from the source to the destination and show that if the outage probability is increased, the intercept probability decreases, and vice versa. We first demonstrate that the employment of relay nodes for assisting the source-destination transmissions is capable of defending against eavesdropping, followed by quantifying the benefits of single-relay selection (SRS) as well as of multi-relay selection (MRS) schemes. More specifically, in the SRS scheme, only the single "best" relay is selected for forwarding the source signal to the destination, whereas the MRS scheme allows multiple relays to participate in this process. It is illustrated that both the SRS and MRS schemes achieve a better SRT than the conventional direct transmission, especially upon increasing the number of relays. Numerical results also show that as expected, the MRS outperforms the SRS in terms of its SRT. Additionally, we present some open challenges and future directions for the wireless relay aided physical-layer security. Comment: 16 pages, IEEE Network, 201

    On Evaluating the Performance Impact of the IEEE 802.15.4 Security Sub-layer

    Nowadays, wireless sensor networks (WSNs) are used in a wide range of application scenarios ranging from structural monitoring to health-care, from surveillance to industrial automation. Most of these applications require forms of secure communication. On the other hand, security has a cost in terms of reduced performance. In this paper we refer to the IEEE 802.15.4 standard and investigate the impact of the 802.15.4 security sub-layer on the WSN performance. Specifically, we analyze the impact that security mechanisms and options, as provided by the standard, have on the overall WSN performance, in terms of latency, goodput, and energy consumption. To this end, we develop an analytical model and a security enabled simulator. We also use a real testbed, based on a complete open-source implementation of the standard, to validate simulation and analytical results, as well as to better understand the limits of the current WSN technology

    A Survey on Wireless Security: Technical Challenges, Recent Advances and Future Trends

    This paper examines the security vulnerabilities and threats imposed by the inherent open nature of wireless communications and to devise efficient defense mechanisms for improving the wireless network security. We first summarize the security requirements of wireless networks, including their authenticity, confidentiality, integrity and availability issues. Next, a comprehensive overview of security attacks encountered in wireless networks is presented in view of the network protocol architecture, where the potential security threats are discussed at each protocol layer. We also provide a survey of the existing security protocols and algorithms that are adopted in the existing wireless network standards, such as the Bluetooth, Wi-Fi, WiMAX, and the long-term evolution (LTE) systems. Then, we discuss the state-of-the-art in physical-layer security, which is an emerging technique of securing the open communications environment against eavesdropping attacks at the physical layer. We also introduce the family of various jamming attacks and their counter-measures, including the constant jammer, intermittent jammer, reactive jammer, adaptive jammer and intelligent jammer. Additionally, we discuss the integration of physical-layer security into existing authentication and cryptography mechanisms for further securing wireless networks. Finally, some technical challenges which remain unresolved at the time of writing are summarized and the future trends in wireless security are discussed. Comment: 36 pages. Accepted to Appear in Proceedings of the IEEE, 201

    Solutions and Tools for Secure Communication in Wireless Sensor Networks

    Secure communication is considered a vital requirement in Wireless Sensor Network (WSN) applications. Such a requirement embraces different aspects, including confidentiality, integrity and authenticity of exchanged information, proper management of security material, and effective prevention and reaction against security threats and attacks. However, WSNs are mainly composed of resource-constrained devices. That is, network nodes feature reduced capabilities, especially in terms of memory storage, computing power, transmission rate, and energy availability. As a consequence, assuring secure communication in WSNs results to be more difficult than in other kinds of network. In fact, trading effectiveness of adopted solutions with their efficiency becomes far more important. In addition, specific device classes or technologies may require to design ad hoc security solutions. Also, it is necessary to efficiently manage security material, and dynamically cope with changes of security requirements. Finally, security threats and countermeasures have to be carefully considered since from the network design phase. This Ph.D. dissertation considers secure communication in WSNs, and provides the following contributions. First, we provide a performance evaluation of IEEE 802.15.4 security services. Then, we focus on the ZigBee technology and its security services, and propose possible solutions to some deficiencies and inefficiencies. Second, we present HISS, a highly scalable and efficient key management scheme, able to contrast collusion attacks while displaying a graceful degradation of performance. Third, we present STaR, a software component for WSNs that secures multiple traffic flows at the same time. It is transparent to the application, and provides runtime reconfigurability, thus coping with dynamic changes of security requirements. Finally, we describe ASF, our attack simulation framework for WSNs. Such a tool helps network designers to quantitatively evaluate effects of security attacks, produce an attack ranking based on their severity, and thus select the most appropriate countermeasures

    Analysis and exploitation of the vulnerabilities of ZigBee technology in IoT environments (Análise e exploração das vulnerabilidades da tecnologia zigbee em ambientes IoT)

    Undergraduate final project (Trabalho de Conclusão de Curso), Universidade de Brasília, Faculdade de Tecnologia, 2018. In view of the great progress of the IoT (Internet of Things) networks, which are increasingly present in the different sectors of society, it is considered that their development also includes the development of security methods to ensure their protection, guaranteeing integrity, authenticity and privacy. For this reason, the present work presents a study carried out at the UIoT Laboratory of the Communication Networks Engineering course, located at the University of Brasília, in order to analyze the safety measures taken. Considering the increase in the use of the ZigBee protocol in IoT networks, due to its simplicity and low cost, this project proposed to analyze the vulnerabilities of this protocol based on the way it was done in the environment in question and in the scenarios presented. In addition, it is also considered the existence of a ZigBee network already implemented in the UIoT Laboratory. With the aid of a sniffer device, USB Dongle CC2531, together with software developed for the purpose of recording network traffic information using the ZigBee protocol, it will be possible to collect information about the entire network operation. Based on the information obtained, the project will be divided into four scenarios, in order to simplify the study. Given the information obtained, a monitoring method is proposed in order to facilitate the detection of intruders in the network and accelerate the process to solve each case, assisting the manager in decision-making. In addition to this proposal, the use of data encryption is recommended and implemented in order to ensure the confidentiality of transmitted data and to avoid the connection of intrusive devices in the network. Finally, it is concluded that the new Zigbee network monitoring model in the UIoT Lab associated with the application of data encryption, allowed the guarantee of a greater security for the implemented network, since now the monitoring occurs via the MAC layer, and the insertion of an external device is difficult, considering the obligation to have a network security key to connect to the coordinator